<?php
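session_start();

// Handler for the "new question" form: stores the posted subject and
// description as a row in `question`, then redirects to the new question.
//
// NOTE(review): no anti-CSRF token is checked before this state-changing
// insert; confirm whether the form and this handler are meant to share one.

// The row is attributed to the session user, so refuse the request when no
// user id is in the session instead of building a statement with an empty id.
if (!isset($_SESSION['UserId'])) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}
// Cast to int: this value is placed in the statement unquoted.
$uId = (int) $_SESSION['UserId'];

// Accept only string fields; a missing or array-valued field becomes ''.
$txtSubject = (isset($_POST["txtSubject"]) && is_string($_POST["txtSubject"]))
    ? $_POST["txtSubject"] : '';
$txtDescription = (isset($_POST["txtDescription"]) && is_string($_POST["txtDescription"]))
    ? $_POST["txtDescription"] : '';

// Don't allow the end user to store markup in the description.
// NOTE(review): this neutralises only <, > and ", and only for the description.
// The subject is stored as submitted, so whichever page prints either field
// must still escape it for the HTML context it is written into.
$txtDescription = str_replace(
    array("<", ">", '"'),
    array("&lt;", "&gt;", "&quot;"),
    $txtDescription
);

$currentTime = date("Y-m-d H:i:s");

// Load the connection before escaping: mysql_real_escape_string() escapes
// according to the character set of the open connection.
require 'database.php';

// Escape both user-supplied strings before they are placed inside the quoted
// SQL literals; unescaped, a quote in either field would end the literal and
// change the statement.
// NOTE(review): the mysql_* extension was removed in PHP 7; the durable fix is
// prepared statements (mysqli or PDO), which needs database.php changed too.
// presumably database.php sets the connection charset; verify.
$subjectSql = mysql_real_escape_string($txtSubject);
$descriptionSql = mysql_real_escape_string($txtDescription);

$sql = "INSERT INTO question (Subject,Description,IsActive,creationTime,UserId) 
VALUES ('$subjectSql','$descriptionSql',1,'$currentTime',$uId)";

if (mysql_query($sql) === false) {
    // Keep the database error in the server log, not in the response.
    error_log('question insert failed: ' . mysql_error());
    mysql_close();
    header('HTTP/1.1 500 Internal Server Error');
    exit;
}

// Id generated by this connection's INSERT. Selecting the highest Id instead
// could return a row inserted by a concurrent request.
$latestId = (int) mysql_insert_id();
mysql_close();

header("Location: ViewQuestion.php?quId=$latestId");
// Stop here so nothing else runs or is sent after the redirect.
exit;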

?>